On 4/20/11 6:57 PM, Tab Atkins Jr. wrote:
> True, you need some side-channel to link the two iframes for a
> particular client. You can use something simple like one of the
> *other* within-domain communication mediums (cookies, localStorage,
> etc.)
Which is why there are options to restrict third-party cookies; I
believe there are proposals to apply those to localStorage and the like
as well.
> We already know that you can fingerprint a larger
> percentage of users
Which is why some UA vendors are actively trying to reduce the
fingerprintable bits of their UAs that they expose to page JS.
In other words, these are problems we're trying to solve. Adding to the
list of problems seems counterproductive here.
-Boris